Embodiments of the invention relate to computer security. Specific embodiments relate to training information technology (IT) staff in the defense of computer networks.
Maintaining computer network security is become an increasingly difficult task. The internal (insider) threat has historically accounted for the greatest amount of misuse activity; and its consequence affects even the most trusted networks. Whether intentional or through improper procedure, the insider threat has resulted in lost productivity, espionage and fraud. The Internet plays an ever-increasing role in our national IT infrastructure as its ubiquitous nature provides a very cost-effective and high availability communication network. This world-wide infrastructure complements the trusted networks providing long-haul communications as well as remote management connectivity to Supervisory Control and Data Acquisition (SCADA) units connected to critical enterprise operations. The widening use of the Internet introduces increased exposure to the external threat such as corporate spies, cyber terrorists, and a growing number of “wannabe” hackers.
While higher-profile exploits (primarily external threats) such as “Code Red,” “Nimda,” “Blaster,” and “Sasser” are covered by the media, many more cyber incidents go unpublicized; at times because system administrators and security personnel are often ill-prepared to recognize, mitigate, and document cyber incidents. Compounding the situation is that knowledgeable hackers can use the aggregated power of low-value compromised systems to execute a coordinated attack against more a more critical, better defended system. As such, most any IT resource connected to the Internet, regardless of its importance, becomes a weak link in the IT infrastructure if left unprotected. To protect these networks and resources, strong information assurance measures must be put in place to ensure the uninterrupted, reliable operation of these critical enterprise systems in the face of both internal and external threats.